Given this HTTP request header for authentication:
Authorization: Bearer abc123token
What is the expected server response status code if the token is valid?
Think about what status code means success when token is valid.
A valid Bearer token means the user is authenticated, so the server responds with 200 OK. 401 means unauthorized (no or invalid token), 403 means forbidden (authenticated but no permission), 500 means server error.
Choose the authentication method that relies on a shared secret key between client and server.
Think about which method requires a secret key sent or stored by both client and server.
API Key Authentication uses a shared secret key that the client sends with requests. OAuth 2.0 uses tokens and authorization codes, JWT requires a secret to sign tokens but not shared directly, Basic Auth requires username and password.
Consider this HTTP request header:
Authorization: Bearer
The server responds with 401 Unauthorized. What is the most likely cause?
Check the format of the Authorization header carefully.
The Authorization header must include the word 'Bearer' followed by a space and the token. Here, the token is missing, so the server rejects the request with 401 Unauthorized.
Choose the correctly formatted Authorization header for Basic Authentication with username 'user' and password 'pass'.
Remember Basic Auth requires base64 encoding of 'username:password'.
The string 'user:pass' base64 encoded is 'dXNlcjpwYXNz'. The header must be 'Authorization: Basic ' followed by this encoded string without quotes.
Given this OAuth 2.0 token response JSON:
{
"access_token": "abc123",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "read write delete"
}How many scopes does this token grant?
Count the number of space-separated scopes in the 'scope' field.
The 'scope' field contains three scopes: 'read', 'write', and 'delete'.